# HG changeset patch # User chegar # Date 1273223497 -3600 # Node ID 8c4deb1b4a450f61e1e102c71436e217b179aa5f # Parent ad2d35ddcf37cfb1e0ec69b90d06806cca9572ee 6947917: Error in basic authentication when user name and password are long Reviewed-by: weijun diff -r ad2d35ddcf37 -r 8c4deb1b4a45 jdk/src/share/classes/sun/net/www/protocol/http/BasicAuthentication.java --- a/jdk/src/share/classes/sun/net/www/protocol/http/BasicAuthentication.java Thu May 06 17:17:09 2010 +0100 +++ b/jdk/src/share/classes/sun/net/www/protocol/http/BasicAuthentication.java Fri May 07 10:11:37 2010 +0100 @@ -29,8 +29,10 @@ import java.net.URI; import java.net.URISyntaxException; import java.net.PasswordAuthentication; +import java.io.IOException; +import java.io.OutputStream; import sun.net.www.HeaderParser; - +import sun.misc.BASE64Encoder; /** * BasicAuthentication: Encapsulate an http server authentication using @@ -74,7 +76,7 @@ System.arraycopy(nameBytes, 0, concat, 0, nameBytes.length); System.arraycopy(passwdBytes, 0, concat, nameBytes.length, passwdBytes.length); - this.auth = "Basic " + (new sun.misc.BASE64Encoder()).encode(concat); + this.auth = "Basic " + (new BasicBASE64Encoder()).encode(concat); this.pw = pw; } @@ -114,7 +116,7 @@ System.arraycopy(nameBytes, 0, concat, 0, nameBytes.length); System.arraycopy(passwdBytes, 0, concat, nameBytes.length, passwdBytes.length); - this.auth = "Basic " + (new sun.misc.BASE64Encoder()).encode(concat); + this.auth = "Basic " + (new BasicBASE64Encoder()).encode(concat); this.pw = pw; } @@ -200,4 +202,11 @@ return npath; } + /* It is never expected that the header value will exceed the bytesPerLine */ + private class BasicBASE64Encoder extends BASE64Encoder { + @Override + protected int bytesPerLine() { + return (10000); + } + } } diff -r ad2d35ddcf37 -r 8c4deb1b4a45 jdk/test/sun/net/www/protocol/http/BasicLongCredentials.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/sun/net/www/protocol/http/BasicLongCredentials.java Fri May 07 10:11:37 2010 +0100 @@ -0,0 +1,111 @@ +/* + * Copyright 2010 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/** + * @test + * @bug 6947917 + * @summary Error in basic authentication when user name and password are long + */ + +import com.sun.net.httpserver.BasicAuthenticator; +import com.sun.net.httpserver.HttpContext; +import com.sun.net.httpserver.HttpExchange; +import com.sun.net.httpserver.HttpHandler; +import com.sun.net.httpserver.HttpPrincipal; +import com.sun.net.httpserver.HttpServer; +import java.io.InputStream; +import java.io.IOException; +import java.net.Authenticator; +import java.net.InetSocketAddress; +import java.net.PasswordAuthentication; +import java.net.HttpURLConnection; +import java.net.URL; + +public class BasicLongCredentials { + + static final String USERNAME = "ThisIsMyReallyReallyReallyReallyReallyReally" + + "LongFirstNameDotLastNameAtCompanyEmailAddress"; + static final String PASSWORD = "AndThisIsALongLongLongLongLongLongLongLongLong" + + "LongLongLongLongLongLongLongLongLongPassword"; + static final String REALM = "foobar@test.realm"; + + public static void main (String[] args) throws Exception { + HttpServer server = HttpServer.create(new InetSocketAddress(0), 0); + try { + Handler handler = new Handler(); + HttpContext ctx = server.createContext("/test", handler); + + BasicAuthenticator a = new BasicAuthenticator(REALM) { + public boolean checkCredentials (String username, String pw) { + return USERNAME.equals(username) && PASSWORD.equals(pw); + } + }; + ctx.setAuthenticator(a); + server.start(); + + Authenticator.setDefault(new MyAuthenticator()); + + URL url = new URL("http://localhost:"+server.getAddress().getPort()+"/test/"); + HttpURLConnection urlc = (HttpURLConnection)url.openConnection(); + InputStream is = urlc.getInputStream(); + int c = 0; + while (is.read()!= -1) { c ++; } + + if (c != 0) { throw new RuntimeException("Test failed c = " + c); } + if (error) { throw new RuntimeException("Test failed: error"); } + + System.out.println ("OK"); + } finally { + server.stop(0); + } + } + + public static boolean error = false; + + static class MyAuthenticator extends java.net.Authenticator { + @Override + public PasswordAuthentication getPasswordAuthentication () { + if (!getRequestingPrompt().equals(REALM)) { + BasicLongCredentials.error = true; + } + return new PasswordAuthentication (USERNAME, PASSWORD.toCharArray()); + } + } + + static class Handler implements HttpHandler { + public void handle (HttpExchange t) throws IOException { + InputStream is = t.getRequestBody(); + while (is.read () != -1) ; + is.close(); + t.sendResponseHeaders(200, -1); + HttpPrincipal p = t.getPrincipal(); + if (!p.getUsername().equals(USERNAME)) { + error = true; + } + if (!p.getRealm().equals(REALM)) { + error = true; + } + t.close(); + } + } +}